Enterprise Mobility & the Connected Worker Blog



Global Outage to Microsoft Cloud Services Raises Concerns on Technology Reliance

by Rowan Litter | 07/19/2024

 


Thousands of enterprises and workers across industries around the globe woke up Friday morning to what is described as the “Blue Screen of Death” on their Windows PCs. This outage originates from CrowdStrike, a leading cybersecurity solutions technology company. Specifically, this outage was not the result of a cyberattack, but rather of a faulty update to CrowdStrike’s Falcon® Sensor endpoint protection platform for Windows operating systems (macOS, Linux and other OS platforms were not affected). The Falcon® Sensor platform is used by organizations across the world for real-time threat detection, endpoint visibility, and firewall management.

Although the outage stems from a third-party cybersecurity update, the issue is affecting Microsoft Cloud 365 applications and services for organizations with CrowdStrike platform deployments, to the point where users cannot even access their Windows PCs. This situation has had catastrophic consequences for the critical operations of enterprises with frontline workers and services. Airlines have been unable to access computers or systems, including those for boarding and bag checking, resulting in massive delays and cancellations; eventually, workers were able to shift to pen-and-paper systems for checking passengers into flights. Hospital personnel have been unable to access their healthcare systems, resulting in delays and stoppages in providing critical healthcare services to patients. 911 services have been shut down in agencies across the US, including for the entire state of Alaska. Even financial services and media news outlets have been unable to conduct daily operations, such as the publication of news, an essential aspect of their business. CrowdStrike issued a statement saying that the issue was identified and a fix was deployed (along with instructions on how to manually address the problem), but due to the number of computers already affected, the outage is likely to persist, as enterprise IT departments will have to bear the burden of troubleshooting the issue themselves.

In the months leading up to this unprecedented outage, CrowdStrike was extremely vocal about the shortcomings of Microsoft’s own Defender endpoint security tools, claiming that customers who are purely running Microsoft Defender are vulnerable to cybersecurity threats. The company’s market solution was for customers to adopt Falcon® (on Microsoft), which seems to be the affected platform in the recent outage. Cybersecurity tools, such as Falcon® Sensor, require access to the computer operating system to provide optimal visibility and threat-detection monitoring. While trying to deploy an update that would boost cybersecurity capabilities, a small defect in the code caused Windows to crash around the world.

Although the outage was caused by an update and not the platform itself, this incident raises concerns pertaining to technology reliance and many of the current protocols for IT system upkeep. This accident confirms some of the worst fears and concerns of IT decision-makers over public cloud computing. The fact that a faulty update from a third-party provider can be deployed to a public cloud at a global scale and impact the business and mission-critical operations of a wide range of enterprises and government agencies is a potentially industry-turning event. Over the next few weeks there will undoubtedly be discussions and initiatives taken by enterprise decision-makers on the future of their IT and cloud-computing roadmaps.

